CVE-2021-31818
published 2021-06-17

Priority: P4 (27), severity: medium, CVSS 3.1 base score: 4.3
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.62% (45.3rd percentile)
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user-supplied data in the API request isn't parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.

Affected (8 ranges)

Vendor           Product          Version range                   Fixed in
octopus          server           >= 2018.9.17 < 2018.13.0        2018.13.0
octopus          server           >= 2020.0.0 < 2020.6.0          2020.6.0
octopus          server           >= 2020.6.0 < 2020.6.5146       2020.6.5146
octopus          server           >= 2021.1.0 < 2021.1.7316       2021.1.7316
octopus_deploy   octopus_server   >= 2018.9.17 < unspecified      unspecified
octopus_deploy   octopus_server   >= 2021.1.7149 < unspecified    unspecified
octopus_deploy   octopus_server   >= unspecified < 2020.6.5146    2020.6.5146
octopus_deploy   octopus_server   >= unspecified < 2021.1.7316    2021.1.7316

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      4.3     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd      v2.0      4.0     MEDIUM     AV:N/AC:L/Au:S/C:P/I:N/A:N